CVE-2021-23177
23.08.2022, 16:15
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
Vendor | Product | Version |
---|---|---|
libarchive | libarchive | 𝑥 < 3.5.2 |
redhat | enterprise_linux | 8.0 |
redhat | enterprise_linux_eus | 8.6 |
redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6 |
redhat | enterprise_linux_for_power_little_endian | 8.0 |
redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
redhat | enterprise_linux_server_aus | 8.6 |
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
redhat | enterprise_linux_server_tus | 8.6 |
redhat | codeready_linux_builder | - |
debian | debian_linux | 10.0 |

𝑥 = Vulnerable software versions
